richard
/
kubespray
mirror of https://github.com/kubernetes-sigs/kubespray.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
8149 Commits
33 Branches
82 Tags
154 MiB
Tree: 768fbeff0b
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '768fbeff0b'
${ noResults }
kubespray/docs/operations/cgroups.md

73 lines
2.6 KiB
Raw Normal View History

optimize cgroups settings for node reserved (#9209) * optimize cgroups settings for node reserved * fix * set cgroup slice for multi container engine * set cgroup slice for crio * add reserved cgroups variables to sample files * Compatible with cgroup path for different container managers * add cgroups doc * fix markdown
2 years ago
fix kube_reserved so it only controls kubeReservedCgroup (#11367)
7 months ago
optimize cgroups settings for node reserved (#9209) * optimize cgroups settings for node reserved * fix * set cgroup slice for multi container engine * set cgroup slice for crio * add reserved cgroups variables to sample files * Compatible with cgroup path for different container managers * add cgroups doc * fix markdown
2 years ago
fix kube_reserved so it only controls kubeReservedCgroup (#11367)
7 months ago
optimize cgroups settings for node reserved (#9209) * optimize cgroups settings for node reserved * fix * set cgroup slice for multi container engine * set cgroup slice for crio * add reserved cgroups variables to sample files * Compatible with cgroup path for different container managers * add cgroups doc * fix markdown
2 years ago
  1. # cgroups
  3. To avoid resource contention between containers and host daemons in Kubernetes, the kubelet components can use cgroups to limit resource usage.
  5. ## Enforcing Node Allocatable
  7. You can use `kubelet_enforce_node_allocatable` to set node allocatable enforcement.
  9. ```yaml
  10. # A comma separated list of levels of node allocatable enforcement to be enforced by kubelet.
  11. kubelet_enforce_node_allocatable: "pods"
  12. # kubelet_enforce_node_allocatable: "pods,kube-reserved"
  13. # kubelet_enforce_node_allocatable: "pods,kube-reserved,system-reserved"
  14. ```
  16. Note that to enforce kube-reserved or system-reserved, `kube_reserved_cgroups` or `system_reserved_cgroups` needs to be specified respectively.
  18. Here is an example:
  20. ```yaml
  21. kubelet_enforce_node_allocatable: "pods,kube-reserved,system-reserved"
  23. # Set kube_reserved to true to run kubelet and container-engine daemons in a dedicated cgroup.
  24. # This is required if you want to enforce limits on the resource usage of these daemons.
  25. # It is not required if you just want to make resource reservations (kube_memory_reserved, kube_cpu_reserved, etc.)
  26. kube_reserved: true
  27. kube_reserved_cgroups_for_service_slice: kube.slice
  28. kube_reserved_cgroups: "/{{ kube_reserved_cgroups_for_service_slice }}"
  29. kube_memory_reserved: 256Mi
  30. kube_cpu_reserved: 100m
  31. # kube_ephemeral_storage_reserved: 2Gi
  32. # kube_pid_reserved: "1000"
  33. # Reservation for master hosts
  34. kube_master_memory_reserved: 512Mi
  35. kube_master_cpu_reserved: 200m
  36. # kube_master_ephemeral_storage_reserved: 2Gi
  37. # kube_master_pid_reserved: "1000"
  39. # Set to true to reserve resources for system daemons
  40. system_reserved: true
  41. system_reserved_cgroups_for_service_slice: system.slice
  42. system_reserved_cgroups: "/{{ system_reserved_cgroups_for_service_slice }}"
  43. system_memory_reserved: 512Mi
  44. system_cpu_reserved: 500m
  45. # system_ephemeral_storage_reserved: 2Gi
  46. # system_pid_reserved: "1000"
  47. # Reservation for master hosts
  48. system_master_memory_reserved: 256Mi
  49. system_master_cpu_reserved: 250m
  50. # system_master_ephemeral_storage_reserved: 2Gi
  51. # system_master_pid_reserved: "1000"
  52. ```
  54. After the setup, the cgroups hierarchy is as follows:
  56. ```bash
  57. / (Cgroups Root)
  58. ├── kubepods.slice
  59. │ ├── ...
  60. │ ├── kubepods-besteffort.slice
  61. │ ├── kubepods-burstable.slice
  62. │ └── ...
  63. ├── kube.slice
  64. │ ├── ...
  65. │ ├── {{container_manager}}.service
  66. │ ├── kubelet.service
  67. │ └── ...
  68. ├── system.slice
  69. │ └── ...
  70. └── ...
  71. ```
  73. You can learn more in the [official kubernetes documentation](https://kubernetes.io/docs/tasks/administer-cluster/reserve-compute-resources/).